postfixadmin-devel Mailing List for PostfixAdmin (Page 41)
Brought to you by:
christian_boltz,
gingerdog
Menu
▾
▴
postfixadmin-devel — Postfix Admin development talk - users are also welcome
You can subscribe to this list here.
| 2007 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(1) |
Oct
(39) |
Nov
(29) |
Dec
(4) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2008 |
Jan
(5) |
Feb
|
Mar
(8) |
Apr
(8) |
May
|
Jun
(11) |
Jul
(21) |
Aug
(4) |
Sep
(9) |
Oct
(5) |
Nov
(25) |
Dec
(11) |
| 2009 |
Jan
(40) |
Feb
(16) |
Mar
(1) |
Apr
(46) |
May
(3) |
Jun
|
Jul
(1) |
Aug
(9) |
Sep
(9) |
Oct
(27) |
Nov
(35) |
Dec
(20) |
| 2010 |
Jan
(3) |
Feb
(2) |
Mar
(8) |
Apr
(1) |
May
(9) |
Jun
(8) |
Jul
(1) |
Aug
(7) |
Sep
(2) |
Oct
(2) |
Nov
(12) |
Dec
(7) |
| 2011 |
Jan
(45) |
Feb
(11) |
Mar
(18) |
Apr
(15) |
May
(20) |
Jun
|
Jul
(5) |
Aug
(1) |
Sep
|
Oct
(8) |
Nov
|
Dec
(14) |
| 2012 |
Jan
(30) |
Feb
(36) |
Mar
(6) |
Apr
(32) |
May
(20) |
Jun
(5) |
Jul
(2) |
Aug
|
Sep
(4) |
Oct
|
Nov
(22) |
Dec
(1) |
| 2013 |
Jan
(13) |
Feb
(4) |
Mar
(70) |
Apr
(10) |
May
(6) |
Jun
(11) |
Jul
(1) |
Aug
(3) |
Sep
(2) |
Oct
(15) |
Nov
(4) |
Dec
(4) |
| 2014 |
Jan
|
Feb
|
Mar
(2) |
Apr
(2) |
May
(3) |
Jun
(2) |
Jul
|
Aug
|
Sep
|
Oct
(1) |
Nov
(8) |
Dec
(2) |
| 2015 |
Jan
(1) |
Feb
(9) |
Mar
|
Apr
|
May
(1) |
Jun
|
Jul
|
Aug
|
Sep
(6) |
Oct
|
Nov
|
Dec
|
| 2016 |
Jan
(4) |
Feb
|
Mar
(10) |
Apr
(3) |
May
|
Jun
(2) |
Jul
|
Aug
|
Sep
(1) |
Oct
(4) |
Nov
|
Dec
(13) |
| 2017 |
Jan
(1) |
Feb
(6) |
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
(2) |
Dec
(3) |
| 2018 |
Jan
(2) |
Feb
|
Mar
(2) |
Apr
(7) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2019 |
Jan
|
Feb
|
Mar
(10) |
Apr
|
May
(1) |
Jun
(2) |
Jul
|
Aug
|
Sep
|
Oct
|
Nov
(7) |
Dec
|
| 2020 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
(2) |
Nov
|
Dec
|
| 2021 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
(2) |
Dec
|
| 2023 |
Jan
|
Feb
(2) |
Mar
(3) |
Apr
|
May
|
Jun
(3) |
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2024 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
(2) |
Dec
(3) |
|
From: David G. <da...@co...> - 2007-10-04 06:05:02
|
Christian Boltz wrote : > Hello, >=20 > just going through the svn commits... =20 I'm glad someone else looks at them :) > > --- trunk/templates/admin_edit-admin.tpl 2007-09-28 20:35:19 UTC (rev > > 105) +++ trunk/templates/admin_edit-admin.tpl 2007-09-28 20:35:43 UTC > > (rev 106) @@ -10,7 +10,7 @@ > > </tr> > > <tr> > > <td><?php print $PALANG['pAdminEdit_admin_password'] . ":"; > > ?></td>=20 > > - <td><input class=3D"flat" type=3D"password" name=3D"fPassword"= =20 > > - /></td> =20 > > + <td><input class=3D"flat" type=3D"password" name=3D"fPassword"= =20 > > + value=3D"<?=3D $fPassword; ?>"/></td>=20 >=20 > I consider it security-critical to include the password in the HTML code= =20 > (browser cache etc.). Luckily, this code seems to be buggy - at least,=20 > it never included the password for me. Ah, it should say $tPassword. I'd never intentionally display the unencrypted password in the form. <insert comment about postfix admin's horrible templating and sanitisation structure /> <Smarty + Prepared statements would make me very happy /> > Argh, it seems admin/edit-admin.php needs some fixes... >=20 > I just fixed some password-related bugs in edit-admin.php: > - When entering a password in the first field and leaving the second one= =20 > empty, the password was changed anyways.=20 Er.. I thought my logic was something along the lines of : 1) Get password from template - if it matches the encrypted password belonging to that admin assume it's not changed and do nothing. 2) If it doesn't match the encrypted password, see if password2 is available, and if they match, update the user's password to the new value (after pacrypt'ing it). > - It was also changed to an empty password if you left both fields=20 > empty. This is a bad idea because you often modify some admin settings= =20 > without even knowing his password. =20 There would normally have been the 1st password field with a value within it, so this shouldn't happen (unless someone wants it to have an empty password) I guess my web browser was a little too eager in caching/filling password boxes in for me. > One bug is remaining in admin/edit-admin.php: > When editing an admin, it does not take the "active" status from the=20 > database. This means editing an admin always disables it (unless you=20 > correct the checkbox yourself). > Can you please fix this? Hmm.. I think this is a pgsql vs mysql-ism - in that it works for PgSQL. I'll try and review the code again today. Thank you! David. --=20 David Goodwin=20 [ david at codepoets dot co dot uk ] [ http://www.codepoets.co.uk ] |
|
From: Christian B. <pos...@cb...> - 2007-10-04 00:13:36
|
Hello, Am Montag, 1. Oktober 2007 schrieb David Goodwin: > > Please download header.php from the SF webspace to avoid that it > > gets overwritten by the broken version again ;-) > > Ah - I 'wrote' it on the sf.net server, so have no local copy. OK, then at least there won't be a problem with overwriting my changes ;-) > Perhaps I should add it into svn somewhere? > (trunk/website, or website/trunk?) Just an idea: what about putting it into the DOCUMENTS directory? The screenshots are there anyway, and it would probably be good to include the documentation in the website - and also the other way round. > > Oh, and it would be a good idea to make the <h1> a bit smaller - > > they are too dominant compared to the rest of the text. > > Yes... I know... one of my employees is quite good with graphic > design, so if he gets a spare moment, I might turn him loose on it. I > on the other hand am useless... OK, that's a word :-) For now, I replaced <h1> with <h3> to reduce the font size. Not nice, but it works. Regards, Christian Boltz -- Error: File not found -- search behind couch? (Y/N) |
|
From: Christian B. <pos...@cb...> - 2007-10-04 00:03:44
|
Hello, just going through the svn commits... Am Freitag, 28. September 2007 schrieb Gin...@us...: > Revision: 106 > Author: GingerDog > fix template for edit-admin > --- trunk/templates/admin_edit-admin.tpl 2007-09-28 20:35:19 UTC (rev > 105) +++ trunk/templates/admin_edit-admin.tpl 2007-09-28 20:35:43 UTC > (rev 106) @@ -10,7 +10,7 @@ > </tr> > <tr> > <td><?php print $PALANG['pAdminEdit_admin_password'] . ":"; > ?></td> > - <td><input class="flat" type="password" name="fPassword" > - /></td> > + <td><input class="flat" type="password" name="fPassword" > + value="<?= $fPassword; ?>"/></td> I consider it security-critical to include the password in the HTML code (browser cache etc.). Luckily, this code seems to be buggy - at least, it never included the password for me. Please undo this part of your change again. Argh, it seems admin/edit-admin.php needs some fixes... I just fixed some password-related bugs in edit-admin.php: - When entering a password in the first field and leaving the second one empty, the password was changed anyways. - It was also changed to an empty password if you left both fields empty. This is a bad idea because you often modify some admin settings without even knowing his password. One bug is remaining in admin/edit-admin.php: When editing an admin, it does not take the "active" status from the database. This means editing an admin always disables it (unless you correct the checkbox yourself). Can you please fix this? Regards, Christian Boltz -- If you think that's too esoteric: we usually forget to put out pre-build floppy images and are reminded by customers asking our supporters. :-) [Steffen Winterfeldt in opensuse about boot floppies] |
|
From: David G. <da...@co...> - 2007-10-01 06:03:39
|
> David, thanks for creating the website at=20 > http://postfixadmin.sourceforge.net/ >=20 > I just fixed a minor bug: > "Report a bug" linked to _top instead of the bugtracker. >=20 > Please download header.php from the SF webspace to avoid that it gets=20 > overwritten by the broken version again ;-) Ah - I 'wrote' it on the sf.net server, so have no local copy. Perhaps I should add it into svn somewhere? (trunk/website, or website/trunk?) >=20 > Oh, and it would be a good idea to make the <h1> a bit smaller - they=20 > are too dominant compared to the rest of the text. >=20 Yes... I know... one of my employees is quite good with graphic design, so if he gets a spare moment, I might turn him loose on it. I on the other hand am useless...=20 thanks David. --=20 David Goodwin=20 [ david at codepoets dot co dot uk ] [ http://www.codepoets.co.uk ] |
|
From: Christian B. <pos...@cb...> - 2007-10-01 01:17:44
|
Hello, David, thanks for creating the website at http://postfixadmin.sourceforge.net/ I just fixed a minor bug: "Report a bug" linked to _top instead of the bugtracker. Please download header.php from the SF webspace to avoid that it gets overwritten by the broken version again ;-) Oh, and it would be a good idea to make the <h1> a bit smaller - they are too dominant compared to the rest of the text. Regards, Christian Boltz -- >So, Helm aufsetz und auf Steine wart ... *werf* *Steine! Flache Steine! Runde Steine! Grosse Steine! Kleine Steine!* *Wer will noch mal, wer hat noch nicht?* [> Manfred Tremmel und David Haller in suse-linux] |
|
From: David G. <da...@co...> - 2007-09-26 08:28:03
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mischa Peters wrote : > Hi David, > > >>You can skip the GPL2 part. Just leave it as it is ;) > >Please don't take my inaction (so far) as a sign that I won't do it... > >it's on my todo list! > > Hehe... it has nothing to do with that. I was speaking to a friend > about GPL2 and 3, and it seems 3 might not be such a bad idea. :) > > The only thing we need to do is get my name out and put everyones > name in. > > Mischa > I believe we need to keep a record of all contributors in some manner - and I think you should have credit for the work you did. The existing license states 2 or later, so I don't think there will be any problem moving to 3. I'll change the license file/headers included in Postfixadmin within the next few days. (I'm not a lawyer) David. - -- David Goodwin [ david at codepoets dot co dot uk ] [ http://www.codepoets.co.uk ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG+hgP/ISo3RF5V6YRAqtDAKDBVMNJiCcaV3MNjy6UBX58aphXDACg57Ci bwy89yova6/wsFt0GcOnQzQ= =qIDC -----END PGP SIGNATURE----- |
15 messages has been excluded from this view by a project administrator.
